As I already mentionned the safest is to create a /etc/securetty fille with the only devices you allow root connection: If you have a true console or lan console you put in that file a line with just console :
If you know what tasks the user needs with root privileges, admin tasks? you can try to grant them using sam : You can grant the user a restricted SAM with the privileges to taks the user is allowed ( but the tool isnt complete, better than nothing though and avoids the use of su, you will have the SAM activitiy the user did with his own ID...)
Hi
I have make a program that needs root privleges but any user can try to run it, so what I want it is, when any user tries( other than root ) to run the program, an input prompt would open to enter root password ( if user knows ) and program will run ( otherwise exit ), and after completing... (21 Replies)
Hi, I've just managed to install openssh in my home directory on a server I have access to by using --prefix=$HOME/local after ./configure. Another thing I was having trouble with without root access was privilege separation, so I disabled that in my sshd_config. However, when I run... (10 Replies)
Hello,
As admin with root rights, to execute any command from another user without password-ask, I do : su - <user> -c "<cmd>"
But how can I do to give the same rights to another physical user without using root user ? :confused:
I've try to create another user "toor" with the same primary... (4 Replies)
Hi,
Is it possible to grant root privileges to an ordinary user?
Other than 'sudo', is there some way under Users/Groups configuration?
I want ordinary user to be able to mount, umount and use command mt.
/Brendan (4 Replies)
I have written a small web server in Python, and now I would like to run it on port 80, but in order to be able to bind to a port below 1024 I need to have root privileges. I don't want to run the server as root, though. How can I bind to port 80 as root and then drop root privileges?
Thankful... (0 Replies)
My English is no very good.
I must make a bash scripting sh create like a backdoor, and when execute the script a user without privileges convert in super user or root, whithout introducing the password.
In Spanish:
Crear un script que sirva como puerta trasera al sistema, de manera que al... (1 Reply)
Hello
I am a new (and only) administrator of a Solaris 10 environment. The previous admin gave me a use (say user123) that is supposed to have administrative privileges.
Now the problem is, the user does not have this privilege! Here is what i tried so far:
$ id
uid=109(user123) gid=1(other)... (3 Replies)
I had a question in my test which asked where suppose user B has a program with 's' bit set. Can user A run this program and gain root privileges in any way?
I suppose not as the suid program run with privileges of owner and this program will run with B's privileges and not root. (1 Reply)
Hi guys,
I am currently managing an application running on around 150 servers.
I only have application usage rights on those servers and do not have any root privileges.
I have an external node that can connect to those servers and I have root privileges on that one box.
I want to setup... (2 Replies)
Discussion started by: Junaid Subhani
2 Replies
LEARN ABOUT HPUX
chroot
chroot(2) System Calls Manual chroot(2)NAME
chroot() - change root directory
SYNOPSIS DESCRIPTION
causes the named directory to become the root directory, the starting point for path searches for path names beginning with path points to
a path name naming a directory. The user's working directory is unaffected by the system call.
The entry in the root directory is interpreted to mean the root directory itself. Thus, cannot be used to access files outside the subtree
rooted at the root directory.
Security Restrictions
The effective user ID of the process must be a user with the privilege to change the root directory.
See privileges(5) for more information about privileged access on systems that support fine-grained privileges.
RETURN VALUE
returns the following values:
Successful completion.
Failure.
is set to indicate the error.
ERRORS
fails and the root directory remains unchanged if one or more of the following is true:
Any component of the path name is not a directory.
The named directory does not exist or a component of the
path does not exist.
The effective user
ID is not a user who has the privilege.
path points outside the allocated address space of the process. The reliable detection of this error is implementation
dependent.
The length of the specified path name exceeds
bytes, or the length of a component of the path name exceeds bytes while is in effect.
Too many symbolic links were encountered in translating the path
name.
WARNINGS
Obsolescent Interfaces
is to be obsoleted at a future date.
SEE ALSO chroot(1M), chdir(2), privileges(5).
STANDARDS CONFORMANCE
TO BE OBSOLETED chroot(2)